The fight over the future of encryption, explained
I want to tell you about one thing that came up in our conversation: efforts to, in some way, monitor encrypted messages.
Policy proposals have been popping up around the world (like in Australia, India, and, most recently, the UK) that call for tech companies to build in ways to gain information about encrypted messages, including through back-door access. There have also been efforts to increase moderation and safety on encrypted messaging apps, like Signal and Telegram, to try to prevent the spread of abusive content, like child sexual abuse material, criminal networking, and drug trafficking.
Not surprisingly, advocates for encryption are generally opposed to these sorts of proposals as they weaken the level of user privacy that’s currently guaranteed by end-to-end encryption.
In my prep work before the panel, and then in our conversation, I learned about some new cryptographic technologies that might allow for some content moderation, as well as increased enforcement of platform policies and laws, all without breaking encryption. These are sort-of fringe technologies right now, mainly still in the research phase. Though they are being developed in several different flavors, most of these technologies ostensibly enable algorithms to evaluate messages or patterns in their metadata to flag problematic material without having to break encryption or reveal the content of the messages.
Legally, and politically, the space is sort of a hornet’s nest; states are desperate to crack down on illicit activity on the platforms, but free speech advocates argue that review will lead to censorship. In my opinion, it’s a space well-worth watching since it may very well impact all of us.
Here’s what you ought to know:
First, some basics on encryption and the debate…
Even if you’re not familiar with exactly how encryption works, you probably use it pretty regularly. It’s a technology that uses cryptography (essentially, the math responsible for codes) to basically scramble messages so that the contents of them remain private. Today, we talk a lot about end-to-end encryption, in which a sender transmits a message that gets encrypted and sent as ciphertext. Then the receiver has to decrypt it to read the message in plain text. With end-to-end encryption, even tech companies that make encrypted apps do not have the “keys” to break that cipher.
Encryption has been debated from a policy perspective since its inception, especially after high-profile crimes or terrorist attacks. (The investigation of the 2015 San Bernardino shooting is one example.) Tech companies argue that providing access would have substantial risks because it would be hard to keep a master key—which doesn’t actually exist today—from bad actors. Opponents of these back doors also say that law enforcement really can’t be trusted with this kind of access.